Abstract
Non-interactive batch arguments for \(\textsf{NP} \) provide a way to amortize the cost of \(\textsf{NP} \) verification across multiple instances. In particular, they allow a prover to convince a verifier of multiple \(\textsf{NP} \) statements with communication that scales sublinearly in the number of instances.
In this work, we study fully succinct batch arguments for \(\textsf{NP} \) in the common reference string (CRS) model where the length of the proof scales not only sublinearly in the number of instances T, but also sublinearly with the size of the \(\textsf{NP} \) relation. Batch arguments with these properties are special cases of succinct non-interactive arguments (SNARGs); however, existing constructions of SNARGs either rely on idealized models or strong non-falsifiable assumptions. The one exception is the Sahai-Waters SNARG based on indistinguishability obfuscation. However, when applied to the setting of batch arguments, we must impose an a priori bound on the number of instances. Moreover, the size of the common reference string scales linearly with the number of instances.
In this work, we give a direct construction of a fully succinct batch argument for \(\textsf{NP} \) that supports an unbounded number of statements from indistinguishability obfuscation and one-way functions. Then, by additionally relying on a somewhere statistically-binding (SSB) hash function, we show how to extend our construction to obtain a fully succinct and updatable batch argument. In the updatable setting, a prover can take a proof \(\pi \) on T statements \((x_1, \ldots , x_T)\) and “update” it to obtain a proof \(\pi '\) on \((x_1, \ldots , x_T, x_{T + 1})\). Notably, the update procedure only requires knowledge of a (short) proof for \((x_1, \ldots , x_T)\) along with a single witness \(w_{T + 1}\) for the new instance \(x_{T + 1}\). Importantly, the update does not require knowledge of witnesses for \(x_1, \ldots , x_T\).
Notes
1. One way to do this is to observe that the above approach already gives a fully succinct batch argument for index languages (i.e., a batch language where the \(T \le 2^\lambda \) instances are defined to be \((x_1, x_2, \ldots , x_T) = (1, 2, \ldots , T)\)). Then, we can apply the index BARG to BARG transformation from Choudhuri et al. [CJJ21b], which relies on somewhere extractable commitments.
2. A puncturable PRF is a PRF where the holder of the master secret key can “puncture” the key on an input \(x^*\). The resulting punctured key \(k'\) can be used to evaluate the PRF on all inputs except \(x^*\). The value of the PRF at \(x^*\) remains pseudorandom (i.e., computationally indistinguishable from random) even given the punctured key \(k'\). We provide the formal definition in Definition 2.2.
3. If the underlying BARG is not rate-1, then we can only compose a bounded number of times.
4. Here, and throughout the exposition, we associate elements of the set \([2^\lambda ]\) with their binary representation in \(\{0,1\}^\lambda \), and the value \(2^\lambda \) with the all-zeroes string \(0^\lambda \).
5. Our transformation also applies in the setting where the number of instances is bounded and the transformed scheme inherits the same bound. For simplicity of exposition, we just describe the transformation for the unbounded case.
6. Formally, our hash function will take inputs in \(\{0,1\}^{\ell _{j-1}}\cup \{ \bot \}\). For ease of exposition, we drop the special input symbol \(\bot \) in our block length description.
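Note 2 describes a puncturable PRF only abstractly. The following is an added example (not code from the paper) of the standard tree-based puncturable PRF obtained from the GGM construction, as in the Boneh–Waters, Boyle–Goldwasser–Ivan and Kiayias et al. references: the PRF value at \(x\) is the leaf of a depth-\(n\) binary tree reached by following the bits of \(x\), and the punctured key \(k'\) consists of the \(n\) sibling nodes hanging off the root-to-\(x^*\) path. Everything below is an assumption of this example: HMAC-SHA256 stands in for the length-doubling PRG, the master key is a constructed value, and the class and function names are hypothetical.

```python
import hashlib
import hmac
from typing import Dict, Tuple

# Toy length-doubling PRG G(s) = (G_0(s), G_1(s)), modelled with HMAC-SHA256
# (assumption of this example; any length-doubling PRG works for GGM).
def prg(seed: bytes) -> Tuple[bytes, bytes]:
    return (hmac.new(seed, b"\x00", hashlib.sha256).digest(),
            hmac.new(seed, b"\x01", hashlib.sha256).digest())


def _descend(node: bytes, x: int, bits: int) -> bytes:
    """Walk down the GGM tree from `node` using the low `bits` bits of x, MSB first."""
    for i in range(bits - 1, -1, -1):
        node = prg(node)[(x >> i) & 1]
    return node


class GGMPuncturablePRF:
    """PRF F(k, x) for x in [2^n]: the leaf of a depth-n GGM tree rooted at the master key k."""

    def __init__(self, key: bytes, n: int):
        self.key, self.n = key, n

    def eval(self, x: int) -> bytes:
        return _descend(self.key, x, self.n)

    def puncture(self, x_star: int) -> "PuncturedKey":
        """Punctured key k' = the n sibling nodes along the root-to-x* path.

        None of these nodes lies on the path to x*, so the leaf at x* cannot be
        recomputed from k' without inverting the PRG; every other leaf can.
        """
        nodes: Dict[Tuple[int, int], bytes] = {}   # (depth, prefix) -> node value
        node = self.key
        for d in range(self.n):
            i = self.n - 1 - d                     # bit of x* consumed at depth d
            bit = (x_star >> i) & 1
            left, right = prg(node)
            sibling_prefix = ((x_star >> (i + 1)) << 1) | (1 - bit)   # length d+1
            nodes[(d + 1, sibling_prefix)] = right if bit == 0 else left
            node = left if bit == 0 else right     # keep following x*
        return PuncturedKey(nodes, self.n, x_star)


class PuncturedKey:
    def __init__(self, nodes: Dict[Tuple[int, int], bytes], n: int, x_star: int):
        self.nodes, self.n, self.x_star = nodes, n, x_star

    def eval(self, x: int) -> bytes:
        if x == self.x_star:
            raise ValueError("punctured point: F(k, x*) is not computable from k'")
        # x differs from x* at some first bit position d; the stored sibling at
        # (d, top-d-bits-of-x) is an ancestor of x's leaf, so descend from it.
        for d in range(1, self.n + 1):
            prefix = x >> (self.n - d)
            if (d, prefix) in self.nodes:
                return _descend(self.nodes[(d, prefix)], x, self.n - d)
        raise AssertionError("unreachable: every x != x* shares a stored sibling prefix")


# Constructed master key for the example (not a value from the paper).
MASTER_KEY = hashlib.sha256(b"constructed master key for the GGM example").digest()


def punctured_key_is_consistent(n: int, x_star: int, master: bytes = MASTER_KEY) -> bool:
    """Check the correctness property of note 2 exhaustively over the domain [2^n]:
    k' agrees with k on every x != x* and refuses to evaluate at x*."""
    f = GGMPuncturablePRF(master, n)
    kp = f.puncture(x_star)
    for x in range(2 ** n):
        if x == x_star:
            try:
                kp.eval(x)
                return False           # k' must not yield a value at x*
            except ValueError:
                continue
        elif kp.eval(x) != f.eval(x):
            return False
    return True


if __name__ == "__main__":
    print(punctured_key_is_consistent(8, 0b10110010))
```

The punctured key has size \(n\) PRG seeds, i.e. \(O(\lambda)\) for an \(n\)-bit domain, which is what makes the "all inputs except \(x^*\)" functionality cheap enough to hard-wire into an obfuscated program in the Sahai–Waters style punctured-programming proofs the paper builds on.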
References
Albrecht, M.R., Cini, V., Lai, R.W.F., Malavolta, G., Thyagarajan, S.: Lattice-based SNARKs: publicly verifiable, preprocessing, and recursively composable. In: CRYPTO (2022)
Asharov, G., Segev, G.: Limits on the power of indistinguishability obfuscation and functional encryption. In: FOCS, pp. 191–209 (2015)
Ben-Sasson, E., Bentov, I., Horesh, Y., Riabzev, M.: Scalable, transparent, and post-quantum secure computational integrity. IACR Cryptol. ePrint Arch. (2018)
Bitansky, N., et al.: The Hunting of the SNARK. J. Cryptology 30(4), 989–1066 (2016). https://doi.org/10.1007/s00145-016-9241-9
Bitansky, N., Canetti, R., Chiesa, A., Tromer, E.: From extractable collision resistance to succinct non-interactive arguments of knowledge, and back again. In: ITCS (2012)
Bitansky, N., Canetti, R., Chiesa, A., Tromer, E.: Recursive composition and bootstrapping for SNARKs and proof-carrying data. In: STOC, pp. 111–120 (2013)
Bitansky, N., Canetti, R., Ishai, Y., Ostrovsky, R., Paneth, O.: Succinct non-interactive arguments via linear interactive proofs. In: TCC (2013)
Bitansky, N., Canetti, R., Paneth, O., Rosen, A.: On the existence of extractable one-way functions. In: STOC (2014)
Barak, B., et al.: On the (im)possibility of obfuscating programs. In: CRYPTO, pp. 1–18 (2001)
Boyle, E., Goldwasser, S., Ivan, I.: Functional signatures and pseudorandom functions. In: PKC, pp. 501–519 (2014)
Boneh, D., Ishai, Y., Sahai, A., Wu, D.J.: Lattice-based SNARGs and their application to more efficient obfuscation. In: EUROCRYPT (2017)
Boneh, D., Ishai, Y., Sahai, A., Wu, D.J.: Quasi-optimal SNARGs via linear multi-prover interactive proofs. In: EUROCRYPT, pp. 222–255 (2018)
Boneh, D., Waters, B.: Constrained pseudorandom functions and their applications. In: ASIACRYPT, pp. 280–300 (2013)
Chiesa, A., Hu, Y., Maller, M., Mishra, P., Vesely, N., Ward, N.P.: Marlin: Preprocessing zkSNARKs with universal and updatable SRS. In: EUROCRYPT (2020)
Choudhuri, A.R., Jain, A., Jin, Z.: Non-interactive batch arguments for NP from standard assumptions. In: CRYPTO, pp. 394–423 (2021)
Choudhuri, A.R., Jain, A., Jin, Z.: SNARGs for \(\textsf{P}\) from LWE. In: FOCS, pp. 68–79 (2021)
Chiesa, A., Ojha, D., Spooner, N.: Fractal: post-quantum and transparent recursive proofs from holography. In: EUROCRYPT (2020)
Damgård, I., Faust, S., Hazay, C.: Secure two-party computation with low communication. In: TCC (2012)
Devadas, L., Goyal, R., Kalai, Y., Vaikuntanathan, V.: Rate-1 non-interactive arguments for batch-NP and applications. IACR Cryptol. ePrint Arch. (2022)
Gennaro, R., Gentry, C., Parno, B., Raykova, M.: Quadratic span programs and succinct NIZKs without PCPs. In: EUROCRYPT (2013)
Groth, J.: Short pairing-based non-interactive zero-knowledge arguments. In: ASIACRYPT (2010)
Groth, J.: On the size of pairing-based non-interactive arguments. In: EUROCRYPT (2016)
Gentry, C., Wichs, D.: Separating succinct non-interactive arguments from all falsifiable assumptions. In: STOC, pp. 99–108 (2011)
Hubáček, P., Wichs, D.: On the communication complexity of secure function evaluation with long output. In: ITCS, pp. 163–172 (2015)
Jain, A., Lin, H., Sahai, A.: Indistinguishability obfuscation from well-founded assumptions. In: STOC, pp. 60–73 (2021)
Jain, A., Lin, H., Sahai, A.: Indistinguishability obfuscation from LPN over \(\mathbb{F}_p\), DLIN, and PRGs in \(\textsf{NC}^0\). In: EUROCRYPT (2022)
Koppula, V., Lewko, A.B., Waters, B.: Indistinguishability obfuscation for Turing machines with unbounded memory. In: STOC, pp. 419–428 (2015)
Kiayias, A., Papadopoulos, S., Triandopoulos, S., Zacharias, T.: Delegatable pseudorandom functions and applications. In: ACM CCS, pp. 669–684 (2013)
Lipmaa, H.: Succinct non-interactive zero knowledge arguments from span programs and linear error-correcting codes. In: ASIACRYPT (2013)
Merkle, R.C.: A digital signature based on a conventional encryption function. In: CRYPTO, pp. 369–378 (1987)
Micali, S.: Computationally-sound proofs. In: Proceedings of the Annual European Summer Meeting of the Association of Symbolic Logic (1995)
Naor, M.: On cryptographic assumptions and challenges. In: CRYPTO (2003)
Okamoto, T., Pietrzak, K., Waters, B., Wichs, D.: New realizations of somewhere statistically binding hashing and positional accumulators. In: ASIACRYPT, pp. 121–145 (2015)
Parno, B., Howell, J., Gentry, C., Raykova, M.: Pinocchio: nearly practical verifiable computation. In: IEEE Symposium on Security and Privacy (2013)
Setty, S.T.V.: Spartan: efficient and general-purpose zkSNARKs without trusted setup. In: CRYPTO (2020)
Sahai, A., Waters, B.: How to use indistinguishability obfuscation: deniable encryption, and more. In: STOC (2014)
Waters, B., Wu, D.J.: Batch arguments for NP and more from standard bilinear group assumptions. In: CRYPTO (2022)
Acknowledgments
We thank the anonymous TCC reviewers for helpful feedback on this work. B. Waters is supported by NSF CNS-1908611, a Simons Investigator award, and the Packard Foundation Fellowship. D. J. Wu is supported by NSF CNS-2151131, CNS-2140975, a Microsoft Research Faculty Fellowship, and a Google Research Scholar award.
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Garg, R., Sheridan, K., Waters, B., Wu, D.J. (2022). Fully Succinct Batch Arguments for \(\textsf{NP}\) from Indistinguishability Obfuscation. In: Kiltz, E., Vaikuntanathan, V. (eds) Theory of Cryptography. TCC 2022. Lecture Notes in Computer Science, vol 13747. Springer, Cham. https://doi.org/10.1007/978-3-031-22318-1_19
DOI: https://doi.org/10.1007/978-3-031-22318-1_19
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-22317-4
Online ISBN: 978-3-031-22318-1
eBook Packages: Computer Science (R0)